CVE-2024-37575
📋 TL;DR
This vulnerability in the Should I Answer? Android app lets any other installed app, holding no permissions of its own, place phone calls through it without user interaction by sending it a crafted intent. It affects Android users running version 1.4.264 of the app. Because the call is made under the vulnerable app's own phone permission, the user is never prompted; the result is unauthorized calls that can lead to toll fraud or privacy violations.
💻 Affected Systems
- org.mistergroup.shouldianswer (Should I Answer?)
⚠️ Manual Verification Required
The NVD entry for this CVE carries no version ranges, so automated scanners that key on NVD data cannot decide whether a device is affected.
Why? The CVE record does not enumerate vulnerable versions (no version ranges were provided by the vendor or NVD). The advisory itself names 1.4.264 as the affected build, so the installed version has to be checked by hand (see How to Verify below).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
A malicious app could place premium-rate calls that cost the victim money, tie up the line or call emergency services to cause disruption, or call the victim's contacts as a pretext for social engineering.
Likely Case
Malware or adware apps that cannot obtain the CALL_PHONE permission themselves use the vulnerable app as a proxy to call premium-rate numbers and generate toll-fraud revenue.
If Mitigated
Once the app is updated or removed, a third-party app has no way to place a call without holding CALL_PHONE itself, and Android then prompts the user for that permission. Note that app sandboxing alone does not help here: the vulnerable app is the one doing the calling, with its own legitimately granted permission.
🎯 Exploit Status
Proof of concept available in the GitHub repository linked under Vendor Advisory. Exploitation requires installing a malicious app alongside the vulnerable app; that app does not need any permission granted to it.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.4.264
Vendor Advisory: https://github.com/actuator/org.mistergroup.shouldianswer/blob/main/CVE-2024-37575
Restart Required: No
Instructions:
1. Open Google Play Store
2. Search for 'Should I Answer?'
3. Update to the latest version
4. Verify the installed version is newer than 1.4.264
🔧 Temporary Workarounds
Uninstall vulnerable app
Android: remove the vulnerable version of Should I Answer? from the device.
Settings > Apps > Should I Answer? > Uninstall
Disable app permissions
Android: revoke the Phone permission from the app. Calls triggered through the vulnerable component are placed under the app's own permission, so denying it stops them. This also disables the app's legitimate calling features, so treat it as a stopgap until the update is installed.
Settings > Apps > Should I Answer? > Permissions > Phone > Deny
🧯 If You Can't Patch
- Install alternative call screening app from trusted vendor
- Enable Android's built-in call screening features instead
🔍 How to Verify
Check if Vulnerable:
Check the app version in Settings > Apps > Should I Answer? > App info. If the version is 1.4.264, the device is vulnerable; treat older builds the same way until updated, since the fix is only available in versions after 1.4.264.
Check Version:
adb shell dumpsys package org.mistergroup.shouldianswer | grep versionName
Verify Fix Applied:
Update the app via the Play Store and confirm the reported versionName is newer than 1.4.264.
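The version check above, scripted so it can be run across a fleet of test devices. This is an added example, not a script from the advisory or the app vendor; it assumes, as the advisory states, that the fix ships in any release after 1.4.264, so versionName 1.4.264 or older is treated as vulnerable. The dumpsys sample embedded below is constructed, not captured from a device.

```python
"""Parse `adb shell dumpsys package org.mistergroup.shouldianswer` output and
decide whether the installed build is the one CVE-2024-37575 was reported against.

Added example (not from the advisory or the vendor). Assumption: any versionName
sorting after 1.4.264 carries the fix; 1.4.264 and older are vulnerable.
"""
import re
import subprocess
import sys

PKG = "org.mistergroup.shouldianswer"
VULN_VERSION = (1, 4, 264)

# Constructed sample of dumpsys output (not captured from a real device);
# only the lines the parser relies on are reproduced.
SAMPLE_DUMPSYS = """\
Packages:
  Package [org.mistergroup.shouldianswer] (a1b2c3d):
    userId=10234
    versionCode=1264 minSdk=23 targetSdk=33
    versionName=1.4.264
    splits=[base]
"""


def parse_version(text):
    """Return (versionName, versionCode) found in dumpsys text, or (None, None)."""
    name = re.search(r"^\s*versionName=(\S+)", text, re.M)
    code = re.search(r"^\s*versionCode=(\d+)", text, re.M)
    return (name.group(1) if name else None,
            int(code.group(1)) if code else None)


def version_tuple(name):
    """Turn '1.4.264' into (1, 4, 264); a non-numeric suffix ends the tuple."""
    parts = []
    for piece in name.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_vulnerable(version_name):
    """True when versionName is 1.4.264 or older (fix is 'a version after 1.4.264')."""
    return version_tuple(version_name) <= VULN_VERSION


def check_device(serial=None):
    """Query one connected device over adb.

    Returns (installed, versionName, vulnerable). Requires adb on PATH and an
    authorized device; nothing is executed at import time.
    """
    cmd = ["adb"] + (["-s", serial] if serial else []) + ["shell", "dumpsys", "package", PKG]
    out = subprocess.run(cmd, capture_output=True, text=True, check=True).stdout
    name, _code = parse_version(out)
    if name is None:
        return (False, None, False)  # package not installed on this device
    return (True, name, is_vulnerable(name))


if __name__ == "__main__":
    # Usage: python check_sia.py [serial]
    installed, name, vuln = check_device(sys.argv[1] if len(sys.argv) > 1 else None)
    if not installed:
        print(f"{PKG} not installed")
    else:
        print(f"{PKG} versionName={name} -> {'VULNERABLE' if vuln else 'patched'}")
```

The comparison is done on a numeric tuple rather than a string so that a future 1.4.1000 or 1.10.0 sorts correctly; a plain string compare would call 1.4.1000 older than 1.4.264.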
📡 Detection & Monitoring
Log Indicators:
- ActivityManager start records (logcat) showing a CALL or tel: intent delivered to a Should I Answer? component from a UID other than the app itself or the system dialer
- Should I Answer? activities being started by other third-party apps
Telephony Indicators:
- Unexpected outbound calls to premium-rate or international numbers in the carrier bill or call log
- Outbound calls at times or to destinations that do not match the user's normal behaviour
SIEM Query:
app:'org.mistergroup.shouldianswer' AND activity:'DefaultDialerActivity' AND source_app!='com.android.dialer'
(Illustrative pseudo-query; the field names depend on the schema of your MDM or mobile EDR. The raw Android signal behind it is the ActivityManager "START u0 {...} from uid N" line in logcat, where the calling UID identifies the app that sent the intent.)
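The detection logic expressed as code that runs over logcat start records, as an added example that is not part of the advisory. It flags any CALL, DIAL or tel: intent delivered to a Should I Answer? component from a UID that is neither the app itself nor a system dialer package. The log lines and the UID-to-package map are constructed for the example; on a device the lines come from `adb logcat -s ActivityManager ActivityTaskManager` and the map from `adb shell pm list packages -U`. The sideloaded package name, the UIDs and the component names in the sample are assumptions, not data from the advisory.

```python
"""Flag CALL/tel: intents delivered to Should I Answer? by other apps, from
ActivityManager start records in logcat.

Added example; not the advisory's or the vendor's code. Sample data below is
constructed: UIDs, the sideloaded package name and the component names are
assumptions for illustration only.
"""
import re

TARGET_PKG = "org.mistergroup.shouldianswer"
# Packages that legitimately hand calls to a call-screening app.
TRUSTED_CALLERS = {
    "com.android.dialer",
    "com.google.android.dialer",
    "com.android.server.telecom",
}
CALL_ACTIONS = {"android.intent.action.CALL", "android.intent.action.DIAL"}

# Real shape of an ActivityManager start record: "START u0 {intent} from uid N".
START_RE = re.compile(r"START u\d+ \{(?P<intent>[^}]*)\} from uid (?P<uid>\d+)")

# Constructed UID -> package map (on a device: `adb shell pm list packages -U`).
SAMPLE_UIDS = {
    10050: "com.android.dialer",
    10120: "com.android.launcher3",
    10234: TARGET_PKG,
    10301: "com.example.sideloaded",   # assumed malicious app, no permissions
}

# Constructed logcat lines; phone digits appear as x's the way logcat redacts them.
SAMPLE_LOG = [
    "08-14 10:21:07.113  1234  5678 I ActivityTaskManager: START u0 "
    "{act=android.intent.action.CALL dat=tel:xxxxxxxxxxx flg=0x10000000 "
    "cmp=org.mistergroup.shouldianswer/.DefaultDialerActivity} from uid 10301",
    "08-14 10:22:11.904  1234  5678 I ActivityTaskManager: START u0 "
    "{act=android.intent.action.DIAL dat=tel:xxxxxxxxxxx "
    "cmp=org.mistergroup.shouldianswer/.DefaultDialerActivity} from uid 10050",
    "08-14 10:23:02.001  1234  5678 I ActivityTaskManager: START u0 "
    "{act=android.intent.action.MAIN cat=[android.intent.category.LAUNCHER] "
    "cmp=org.mistergroup.shouldianswer/.MainActivity} from uid 10120",
    "08-14 10:24:45.377  1234  5678 I ActivityTaskManager: START u0 "
    "{dat=tel:xxxxxxxxxxx cmp=org.mistergroup.shouldianswer/.DefaultDialerActivity} "
    "from uid 10999",
    "08-14 10:24:45.380  1234  5678 D SomethingElse: unrelated line",
]


def parse_start(line):
    """Return the intent fields plus the sending UID, or None if not a start record."""
    m = START_RE.search(line)
    if not m:
        return None
    fields = dict(tok.split("=", 1) for tok in m.group("intent").split() if "=" in tok)
    fields["uid"] = int(m.group("uid"))
    return fields


def find_suspicious(lines, uid_to_pkg):
    """Return one alert per call-type intent sent to TARGET_PKG by an untrusted caller."""
    alerts = []
    for line in lines:
        f = parse_start(line)
        if not f:
            continue
        component = f.get("cmp", "")
        if not component.startswith(TARGET_PKG + "/"):
            continue
        # A call can be requested via the action or via a bare tel: data URI.
        is_call = f.get("act") in CALL_ACTIONS or f.get("dat", "").startswith("tel:")
        if not is_call:
            continue
        caller = uid_to_pkg.get(f["uid"], f"uid:{f['uid']}")
        if caller == TARGET_PKG or caller in TRUSTED_CALLERS:
            continue
        alerts.append({"caller": caller, "component": component, "data": f.get("dat")})
    return alerts


if __name__ == "__main__":
    for a in find_suspicious(SAMPLE_LOG, SAMPLE_UIDS):
        print(f"ALERT {a['caller']} -> {a['component']} ({a['data']})")
```

Unknown UIDs are reported as `uid:N` rather than dropped, since a freshly sideloaded app may not be in a stale package map; resolve them with `adb shell pm list packages -U` before closing the alert.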